Skills
skills/jim60105/copilot-prompt/update-github-actions-version/Gen Agent Trust Hub

update-github-actions-version

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill performs routine maintenance tasks on GitHub Actions workflow files.\n- [COMMAND_EXECUTION]: Executes local git add and git commit commands to save version updates, which is the intended behavior of the skill.\n- [DATA_EXFILTRATION]: Queries the official GitHub release pages (github.com), a well-known service, to retrieve action metadata. This does not involve exfiltrating sensitive data.\n- [PROMPT_INJECTION]: The skill ingests external data from workflow files and GitHub release notes. This represents a surface for indirect prompt injection, but the risk is assessed as safe given the lack of high-privilege capabilities and the skill's specific purpose.\n
  • Ingestion points: Workflow files in .github/workflows/ and remote GitHub release/changelog information.\n
  • Boundary markers: None identified.\n
  • Capability inventory: Local file modifications and git command execution.\n
  • Sanitization: None identified.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 02:38 AM
Security Audit — agent-trust-hub — update-github-actions-version